There's a new version of the Yarn open source JavaScript Package Manager launched last year by Facebook, Google, Expononet and Tilde.

Yarn is intended as a replacement for the npm package manager which is automatically included with Node.js. Facebook developers working on big projects like React found the npm client didn't scale to the number of programmers and the number of packages, so got together with Google, Exponent and Tilde and build a new npm client - which is what Yarn is.

Yarn was initially released 11 months ago, and there are now more than 175,000 projects on GitHub using it. Yarn is also now responsible for nearly 3 billion package downloads per month. At Facebook, Yarn has been adopted across many codebases including the main Facebook app and website, Instagram, Oculus, and WhatsApp.

Yarn's advantages of shorter install times, better performance and stability has seen companies including Twitter, Microsoft, Kenzan, and Sentry using the product.

Writing on the Facebook code blog, Burak Yiğit Kaya, Christoph Nakazawa and Maël Nison of the Yarn team said:

"We're thrilled with the adoption and community engagement. Yarn's main focus when we launched almost a year ago was stability, resiliency, and performance. Building on the core principles of what made yarn successful in the first place, the 1.0 release comes with many new features that we hope will help the Yarn community move faster and build great projects."

The new version of Yarn adds Workspaces, support for the auto-merging of LockFiles, and selective version resolutions.

Yarn Workspaces let you manage code using a mono-repository approach for source control. The developers say this makes it easier to share code across all projects while avoiding dependency synchronization issues. Workspaces let you automatically aggregate all the dependencies from multiple package.json files and install them all in one go. Yarn will also create symlinks between all Workspaces that depend on one another.

Workspaces are already used by some teams at Facebook and projects like Babel in the open source community.

Auto-merging overcomes the problem where a merge conflict has occurred on the yarn.lock file because dependencies have been updated in separate pull requests one after another. If this happens, Yarn will now automatically handle the conflict resolution for you.

(click in GIF to enlarge)

Selective version resolutions makes it easier to ensure your code uses the most recent package with bug fixes or critical security updates where your project is not the direct consumer of those dependencies. Until now, you'd either be forced to either wait until your direct dependency is updated, or fork it and update the dependencies manually until a new release.

Yarn now allows defining a resolutions field in a project's package.json file that instructs Yarn to use specific versions of certain sub-dependencies, regardless of the original patterns its dependents set.